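<?php
// Login guard: everything below this block is reachable only by a signed-in user.
// empty() covers the case where no session user exists at all, which the bare
// array access would report as an undefined-index notice.
session_start();
if (empty($_SESSION['user'])) {
    header('Location:login.php');
    // A top-level `return` ends this script, so the delete logic never runs.
    return;
}
?>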
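<?php
// Delete the student row named by ?xh=... and redirect back to the list.
// Permitted when the signed-in user deletes their own record, or is an admin.
// NOTE(review): a destructive action on a GET request can be triggered by any
// crafted link (CSRF); a POST form carrying a per-session token is the
// conventional fix, but the links that reach this page would need updating too.
$msg = '';
try {
    // TODO: move the DSN and credentials out of source into configuration.
    $db = new PDO("mysql:host=localhost; dbname=db", 'root', 'root');
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

    // The session is already active from the login guard above; calling
    // session_start() a second time only emits a notice.
    $xh = $_GET['xh'] ?? null;
    $user = $_SESSION['user'];

    // Authorisation first. The session id is cast to string so that an integer
    // id (depending on how the login page stored it) still matches the string
    // that arrives in the query string; a bare === would never match in that case.
    $hasRight = (isset($user['xh']) && (string) $user['xh'] === $xh) || !empty($user['isAdmin']);
    if (!$hasRight) {
        throw new Exception('sorry,你没有操作权限');
    }

    // A missing id, an empty one, or ?xh[]=... can never identify a row; report it
    // the same way as a delete that matched nothing.
    if (!is_string($xh) || $xh === '') {
        throw new Exception('删除失败');
    }

    $ps = $db->prepare('delete from students where xh=?');
    $ps->execute([$xh]);
    if ($ps->rowCount() === 0) {
        throw new Exception('删除失败');
    }

    header('Location: index.php');
    return;
} catch (Throwable $e) {
    // Rendered to the user below. A PDOException message can include connection
    // details (host, DSN); prefer logging it and showing a generic text.
    $msg = $e->getMessage();
}
?>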
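<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>删除用户</title>

    <style>
        h1{color: red;}
    </style>
</head>
<body>
<h1>删除用户</h1>
<?php // The message may carry text from an exception or the DB driver, so it is
      // escaped for the HTML context; the ?? '' guards against an unset $msg. ?>
<div class="msg"><?= htmlspecialchars($msg ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
</body>

</html>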
